Session Hijacking -Tutorial



What is Session Hijacking ?

Session Hijacking is the process of exploiting valid Computer Session which involves stealing the Victim’s Cookie.

What is Cookie ?

A cookie known as a web cookie or http cookie is a small piece of text stored by the user browser.
A cookie is sent as an header by the web server to the web browser on the client side.
A cookie is static and is sent back by the browser unchanged everytime it accesses the server.
A cookie has a expiration time that is set by the server and are deleted automatically after the expiration time.
Cookie is used to maintain users authentication and to implement shopping cart during his navigation,possibly across multiple visits.

What can we do after stealing cookie?


Well,as we know web sites authenticate their user’s with a cookie,it can be used to hijack the victims session.
The victims stolen cookie can be replaced with our cookie to hijack his session.

The following is a cookie stealing script which is to be stored in attacker’s host.It recieves the cookie data and stores to a text file.
download link is below:
Click Here

Save the script as a cookielogger.php in your server.(Any free web hosting sites like justfree,x10hosting etc..
Also create an empty text file and name it as log.txt and upload it.

Now we come to the hardest part where we have to inject a piece of javascript into sites html page,which the victims has to visit.We should now look for a place to post the javascript.

Look for user interactive sites which contain comments or forums.

Post the following code which invokes or activates the cookielogger on your host.

Code : download link is below :
Click Here

Your can also trick the victim into clicking a link that activates javascript.
Below is the code which has to be posted.

Code : download link is below :
Click Here

Clicking an Image also can activate the Script.For this purpose you can use the below code.

Code : download link is below :
Click Here

All the details like Cookie, IP Address , Browser of the victim are logged in to log.txt in your host.

In the above codes please remove the space in between javascript.

Hijacking the Session:

Now we have cookie,what to do with this..?

Download cookie editor mozilla plugin.

Go to the target site–>open cookie editor–>Replace the cookie with the stolen cookie of the victim and refresh the page.
Thats it!!!
you should now be in his account.
Download cookie editor mozilla plugin from here :
Click Here




Share your views...

1 Respones to "Session Hijacking -Tutorial"

felisha green said...

If you ever want to change or up your university grades contact cybergolden hacker he'll get it done and show a proof of work done before payment. He's efficient, reliable and affordable. He can also perform all sorts of hacks including text, whatsapp, password decrypt,hack any mobile phone, Escape Bancruptcy, Delete Criminal Records and the rest

Email: cybergoldenhacker at gmail dot com


11 March 2020 at 11:37

Post a Comment

 

WhoIsAmoungUS

Trace

Copy Restrict

About Me

Scroll Button

Popular Posts

Counter

© 2014 Hacking-The Art of Exploitation All Rights Reserved Vishal S Sangwa A Ethical Hacker White Hat Hacker